1 |
On Wed, 18 Jun 2014 19:23:25 +0000 (UTC), James wrote: |
2 |
|
3 |
> OK, lets skip any RF backdoors installed by the manufacturer, |
4 |
> as those always exist, but are 'out of scope', for now. |
5 |
> |
6 |
> |
7 |
> U see this? |
8 |
> |
9 |
> http://www.unrest.ca/evaluating-the-security-of-the-yubikey |
10 |
|
11 |
I hadn't. At first glance it appears to relate to their OTP service, |
12 |
which I don't use. I use it with a static password as part of a two |
13 |
factor approach, so you would need to get physical access to the key for |
14 |
long enough to grab the password and know the other part of the password. |
15 |
|
16 |
|
17 |
-- |
18 |
Neil Bothwick |
19 |
|
20 |
When you go to court you are putting yourself in the hands of 12 people |
21 |
that were not smart enough to get out of jury duty. |